| Category | Started On | Completed On | Duration | Cuckoo Version |
|---|---|---|---|---|
| FILE | 2016-11-03 00:31:45.938764 | 2016-11-03 00:33:59.660468 | 133 seconds | 2.0-dev |

| Machine | Label | Manager | Started On | Shutdown On |
|---|---|---|---|---|
| win-xp-sp3 | win-xp-sp3 | VirtualBox | 2016-11-03 00:31:46 | 2016-11-03 00:33:59 |

| File name | APT_ATT11990.pdf |
|---|---|
| File size | 438220 bytes |
| File type | PDF document, version 1.7 |
| CRC32 | BE9F717B |
| MD5 | 452703b9292a7a5d45eb224c622d32cf |
| SHA1 | 2786d5ac6a4d5e378c0086acb7a8e19a79692cb2 |
| SHA256 | 796f0f938e60fc22189c6453db86d41b5cb0f2a84be0ff591584267b21af8dfd |
| SHA512 | f6bd5fdbc07b3837cb5838203a63d3d00923bcdf7c42cdf3ff2038d403db5276c7a222c624f1c5a486e201ca1c0a52880f125adf220fae6f5d129647266365e9 |
| Ssdeep | 6144:TFBOyA3SpOYOlBvgxM0o5nA2+fIKpsMbq3PPW7Qk9gD/sg3LLTPQJhWZDw7BXJBU:/s/YOf6Ho5HcIIsMYKgTxf0iKxriOH0 |
| PEiD | None matched |
| Yara | None matched |
| VirusTotal | Scan Date: 2014-11-09 14:48:41, Detection Rate: 37/54 |

| File name | 220d543c6f5e2b14_shareddataevents |
|---|---|
| File size | 3072 bytes |
| File type | SQLite 3.x database |
| MD5 | 0cb262a1f53b9388f3fa782cc8da8b7c |
| SHA1 | 7670c6d9cd65bf49fd388be1a676c7523a6154f9 |
| SHA256 | 220d543c6f5e2b14af73096d4c686d01ef530dde97faa16581a6512c1af5573d |
| SHA512 | 303ebe9b74b8bc326e09fdb83c3c616482eaa02861ac6cb8eb8c86e69f67e02259847a0e8d4173b149a06b51e380ebd63c0cbb510175c160ec71114765b2cf6f |
| Ssdeep | 12:HLS0qgtO9OiyopOz2VVXet3aQK+GyMFO+rlhurs7qllZ2atl4h2:r8Rx/XYKQvGJF7ursClZ3l4c |
| Yara | None matched |
| VirusTotal | Search for Analysis |

| File name | f4d656ef5c95da9e_adobearm.log |
|---|---|
| File size | 3030 bytes |
| File type | ASCII text, with CRLF, CR line terminators |
| MD5 | 1bce32edefb21de3bc943bb2b787e656 |
| SHA1 | 76ef05dfee29f3a7ed43283761eb9c7269797672 |
| SHA256 | f4d656ef5c95da9ebba355d43cedee6a4f937ffbdaf1701dd62829cc1d1465ae |
| SHA512 | 6b4aa0e4e3083289d741e9d6417302d873b5a6a804cb12884c1f28581a94b9817cad51f52dad835f7f549f650d6b9183b86ecc4eba11cf17c1f953621d513787 |
| Ssdeep | 48:ob17Q2eMbJ5d1rogAafH5L1XQmaI7Z5z1DkieM7t5Bu1vdf3e57KfDV6YNot0k94:ob1kFmJ5d1sNsH5L1A1aZ5z1A52t501Z |
| Yara | None matched |
| VirusTotal | Search for Analysis |

| File name | 4d7f480cf854fe56_acecache10.lst |
|---|---|
| File size | 1565 bytes |
| File type | data |
| MD5 | abb1825273c1e859babb41ac8a72af31 |
| SHA1 | b609942e14a3fd142cce39cf68ea47f08e79963c |
| SHA256 | 4d7f480cf854fe56292ba57dc64ebb5242e9641408fe8f6e02e54afadfbb1a7f |
| SHA512 | 269f74daf146522bb5f074bf803d3b22e5c00b0bbc83f2a9df41601d8beddbff97de78df7bdca34482766c9965dcb7b5158acd6b657ccd7391fd81d7c1f1498d |
| Ssdeep | 24:ehkFwRfC0yJrBtkRlxFX5C0yJrK3l9XhqXbx8xqdXhqbFBC0yJrBWlV:e/Rq0yROlY0ysl1heaoVhj0yilV |
| Yara | None matched |
| VirusTotal | Search for Analysis |

| File name | a479dd2807cb9817_ArmUI.ini |
|---|---|
| File size | 163994 bytes |
| File type | Little-endian UTF-16 Unicode text, with CRLF line terminators |
| MD5 | 927e703153e62a1cb9a4437659144bda |
| SHA1 | d293a6eb612b6c3bcddeec698e40dbebb5c61879 |
| SHA256 | a479dd2807cb9817ef3ef7a31f3b7582339785e921b4284e55a1387dc38ec770 |
| SHA512 | 0a1d099fccceadb38c7326a9791da18ddeff069600359b415744ae46641b8f041e4a31b00281a996f54b0991dbdf7bdbd0701f6cb71189afd42c207c4631d228 |
| Ssdeep | 3072:kT4CJ4WTbmKk61NmSTBjDT7lV8MztutF4NVxcCXXYAF5CPD:9EYJ |
| Yara | None matched |
| VirusTotal | Search for Analysis |

| File name | dd1729eff12c228c_d3d9caps.dat |
|---|---|
| File size | 664 bytes |
| File type | data |
| MD5 | e0e3c06b08e23f5d0f39a5d5ed3d9166 |
| SHA1 | 46928c9e53d7b85f7525df2a0cd2851c9c035f02 |
| SHA256 | dd1729eff12c228c6447a352e6d96b68c138f8d8aef35b66c9d922dffb2c5393 |
| SHA512 | 314c92a6794d78dc3c8cc160433b6c6f4c7e0e320b63758427b19e3499010d96fd5cb6740f3cff92d82e4cd2d4f8f93dc0fdb6be286a7931407a8e8136906adb |
| Ssdeep | 3:ZllKbllVnIlqQRi5BBl//lHlljlfltl+lp/5tAalB/AMlGM/JlpllDlHl/lr/tmz:8b/+Ni///r1aR5tAanDGM/Ja4llCl |
| Yara | None matched |
| VirusTotal | Search for Analysis |

| File name | 2a2e0ba33d793244_usercache.bin |
|---|---|
| File size | 9662 bytes |
| File type | data |
| MD5 | 912bc7140ba3596f83450d830b7c9557 |
| SHA1 | 0bae66884a3e091bd6095923d4add3984f3e8db2 |
| SHA256 | 2a2e0ba33d79324445847a0128ca611fcc50c82a3556fa9a1478405f990843d2 |
| SHA512 | e9e45522441f2dfcfb2cd273be300a0b2add972c62f7496326a3fc5c45e4f318ca4d446ae2676360958429e39b91c1a7ee677a95d710d2936d5d48b1854dc3f1 |
| Ssdeep | 96:stIHhqWwdwlvw5SR73kAUVokJUJ0JMSJ81Wkhg28c1qOeN6hLWjAHo+1rOAq8oNs:sHWwdwlvwsR3UVoLpB+OeN6LWwTAAk8 |
| Yara | None matched |
| VirusTotal | Search for Analysis |

| File name | 70f141a558422e95_a9r885d.tmp |
|---|---|
| File size | 358 bytes |
| File type | PDF document, version 1.6 |
| MD5 | 2c8f084bd05a8710821c89ffc79a46a6 |
| SHA1 | bbed4ce9c6b0d045990c3a3746577b28481cca93 |
| SHA256 | 70f141a558422e9543132ceefc971ef126cbe7be7a163ba4e81aee43248ca6a8 |
| SHA512 | 5d2c6bec8ec7c0013453512b1fb335d3e2dd581a95ad42d2465ff03101daf54ad74b8d9d77bf638e360548776bed03b7c79f96fecc7e67e8166d2d1ff930b23e |
| Ssdeep | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOucpQBcpQtvLCSyAAO:IngVMre9T0HQIDmy9g06JX+cpQBcpQtF |
| Yara | None matched |
| VirusTotal | Search for Analysis |
| Timestamp | Thread | Function | Arguments | Status | Return | Repeated |
|---|---|---|---|---|---|---|
| 2016-11-03 00:31:46.582260 | LdrLoadDll |
basename => kernel32 module_address => 0x7c800000 flags => 0 module_name => C:\WINDOWS\system32\kernel32.dll |
SUCCESS | |||
| 2016-11-03 00:31:46.732260 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:31:46.732260 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:31:46.742260 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\AGM.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\AGM.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:31:46.752260 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\AGM.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\AGM.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:31:46.762260 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\CoolType.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\CoolType.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:31:46.772260 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\CoolType.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\CoolType.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:31:46.782260 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\BIB.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\BIB.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:31:46.782260 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\BIB.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\BIB.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:31:46.792260 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\ACE.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\ACE.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:31:46.792260 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\ACE.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\ACE.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:31:46.802260 | LdrLoadDll |
basename => advapi32 module_address => 0x77dd0000 flags => 0 module_name => advapi32.dll |
SUCCESS | |||
| 2016-11-03 00:31:46.802260 | LdrLoadDll |
basename => kernel32 module_address => 0x7c800000 flags => 0 module_name => kernel32.dll |
SUCCESS | |||
| 2016-11-03 00:31:46.802260 | LdrLoadDll |
basename => advapi32 module_address => 0x77dd0000 flags => 0 module_name => advapi32.dll |
SUCCESS | |||
| 2016-11-03 00:31:46.802260 | NtOpenFile |
file_handle => 0x0000006c filepath => \Device\KsecDD desired_access => 0x00100001 filepath_r => \Device\KsecDD open_options => 16 status_info => 0 share_access => 7 |
SUCCESS | |||
| 2016-11-03 00:31:46.802260 | NtOpenFile |
file_handle => 0x00000070 filepath => C:\WINDOWS\system32\wininet.dll desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\system32\WININET.dll open_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:46.802260 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\WINDOWS\system32\WININET.dll.123.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\system32\WININET.dll.123.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:31:46.802260 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\WINDOWS\system32\WININET.dll.123.Config desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\system32\WININET.dll.123.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:31:46.812260 | LdrLoadDll |
basename => comctl32 module_address => 0x773d0000 flags => 0 module_name => comctl32.dll |
SUCCESS | |||
| 2016-11-03 00:31:46.862260 | LdrLoadDll |
basename => kernel32 module_address => 0x7c800000 flags => 0 module_name => kernel32.dll |
SUCCESS | |||
| 2016-11-03 00:31:46.862260 | LdrLoadDll |
basename => AcroRd32 module_address => 0x009f0000 flags => 0 module_name => C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.dll |
SUCCESS | |||
| 2016-11-03 00:31:46.862260 | NtOpenFile |
file_handle => 0x000000a0 filepath => C:\WINDOWS\system32\rpcss.dll desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\rpcss.dll open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-03 00:31:46.862260 | LdrLoadDll |
basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => C:\WINDOWS\system32\uxtheme.dll |
SUCCESS | |||
| 2016-11-03 00:31:46.862260 | LdrLoadDll |
basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => uxtheme.dll |
SUCCESS | |||
| 2016-11-03 00:31:46.862260 | LdrLoadDll |
basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => C:\WINDOWS\system32\uxtheme.dll |
SUCCESS | |||
| 2016-11-03 00:31:46.862260 | LdrLoadDll |
basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => C:\WINDOWS\system32\uxtheme.dll |
SUCCESS | |||
| 2016-11-03 00:31:46.862260 | LdrLoadDll |
basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => C:\WINDOWS\system32\uxtheme.dll |
SUCCESS | |||
| 2016-11-03 00:31:46.862260 | LdrLoadDll |
basename => Comctl32 module_address => 0x773d0000 flags => 0 module_name => Comctl32.dll |
SUCCESS | |||
| 2016-11-03 00:31:46.872260 | LdrLoadDll |
basename => kernel32 module_address => 0x7c800000 flags => 0 module_name => kernel32.dll |
SUCCESS | |||
| 2016-11-03 00:31:46.872260 | LdrLoadDll |
basename => BIB module_address => 0x07000000 flags => 0 module_name => C:\Program Files\Adobe\Reader 9.0\Reader\BIB.dll |
SUCCESS | |||
| 2016-11-03 00:31:46.892260 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Esl\aiodlite.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Esl\aiodlite.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:31:46.892260 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Esl\aiodlite.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Esl\aiodlite.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:31:46.892260 | LdrLoadDll |
basename => aiodlite module_address => 0x10000000 flags => 0 module_name => C:\Program Files\Adobe\Reader 9.0\Esl\aiodlite.dll |
SUCCESS | |||
| 2016-11-03 00:31:46.892260 | LdrLoadDll |
basename => ADVAPI32 module_address => 0x77dd0000 flags => 0 module_name => C:\WINDOWS\system32\ADVAPI32.DLL |
SUCCESS | |||
| 2016-11-03 00:31:46.892260 | LdrLoadDll |
basename => ieframe module_address => 0x00000000 flags => 0 module_name => C:\WINDOWS\system32\ieframe.dll |
FAILURE | |||
| 2016-11-03 00:31:46.892260 | LdrLoadDll |
basename => acrord32 module_address => 0x009f0000 flags => 0 module_name => c:\program files\adobe\reader 9.0\reader\acrord32.dll |
SUCCESS | |||
| 2016-11-03 00:31:46.932260 | LdrLoadDll |
basename => UxTheme module_address => 0x5ad70000 flags => 0 module_name => UxTheme.dll |
SUCCESS | |||
| 2016-11-03 00:31:46.932260 | NtOpenFile |
file_handle => 0x000000b0 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.033260 | NtOpenFile |
file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.033260 | NtCreateFile |
create_disposition => 2 file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\Adobe desired_access => 0x00100001 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe create_options => 16417 status_info => 2 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.033260 | NtOpenFile |
file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\Adobe\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.033260 | NtCreateFile |
create_disposition => 2 file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat desired_access => 0x00100001 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat create_options => 16417 status_info => 2 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.033260 | NtOpenFile |
file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.033260 | NtCreateFile |
create_disposition => 2 file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0 desired_access => 0x00100001 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0 create_options => 16417 status_info => 2 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.033260 | NtOpenFile |
file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.033260 | NtOpenFile |
file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.033260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\UserCache.bin desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\UserCache.bin create_options => 100 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:31:47.053260 | LdrLoadDll |
basename => ole32 module_address => 0x774e0000 flags => 0 module_name => ole32.dll |
SUCCESS | |||
| 2016-11-03 00:31:47.053260 | CoInitializeEx |
options => 6 |
FAILURE | |||
| 2016-11-03 00:31:47.053260 | LdrLoadDll |
basename => SHELL32 module_address => 0x7c9c0000 flags => 0 module_name => C:\WINDOWS\system32\SHELL32.dll |
SUCCESS | |||
| 2016-11-03 00:31:47.053260 | LdrLoadDll |
basename => SETUPAPI module_address => 0x77920000 flags => 0 module_name => SETUPAPI.dll |
SUCCESS | |||
| 2016-11-03 00:31:47.053260 | LdrLoadDll |
basename => rpcrt4 module_address => 0x77e70000 flags => 0 module_name => rpcrt4.dll |
SUCCESS | |||
| 2016-11-03 00:31:47.053260 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000f8 filepath => \\?\PIPE\lsarpc desired_access => 0xc0100080 file_attributes => 0 filepath_r => \??\PIPE\lsarpc create_options => 64 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.053260 | NtWriteFile |
buffer => H ¸¸ xW44ëï #Eg‰« ]ˆŠëɟè +H` file_handle => 0x000000f8 offset => 0 |
SUCCESS | |||
| 2016-11-03 00:31:47.053260 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000f4 filepath => \\?\PIPE\lsarpc desired_access => 0xc0100080 file_attributes => 0 filepath_r => \??\PIPE\lsarpc create_options => 64 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.053260 | NtWriteFile |
buffer => H ¸¸ xW44ëï #Eg‰« ]ˆŠëɟè +H` file_handle => 0x000000f4 offset => 0 |
SUCCESS | |||
| 2016-11-03 00:31:47.053260 | NtOpenFile |
file_handle => 0x000000fc filepath => \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3131303066333036662020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} desired_access => 0x00100080 filepath_r => \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3131303066333036662020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} open_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.053260 | NtOpenFile |
file_handle => 0x000000fc filepath => \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3131303066333036662020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} desired_access => 0x00100080 filepath_r => \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3131303066333036662020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} open_options => 16 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.053260 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000fc filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.053260 | NtOpenFile |
file_handle => 0x000000fc filepath => \??\STORAGE#Volume#1&30a96598&0&SignatureEBD7EBD7Offset7E00Length9FF2E4A00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} desired_access => 0x00100080 filepath_r => \??\STORAGE#Volume#1&30a96598&0&SignatureEBD7EBD7Offset7E00Length9FF2E4A00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} open_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.053260 | NtOpenFile |
file_handle => 0x000000fc filepath => \??\STORAGE#Volume#1&30a96598&0&SignatureEBD7EBD7Offset7E00Length9FF2E4A00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} desired_access => 0x00100080 filepath_r => \??\STORAGE#Volume#1&30a96598&0&SignatureEBD7EBD7Offset7E00Length9FF2E4A00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} open_options => 16 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.053260 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000fc filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.053260 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000fc filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.053260 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000fc filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.053260 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000fc filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.053260 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000fc filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.063260 | NtOpenFile |
file_handle => 0x00000100 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.063260 | LdrLoadDll |
basename => SHELL32 module_address => 0x7c9c0000 flags => 0 module_name => SHELL32.dll |
SUCCESS | |||
| 2016-11-03 00:31:47.063260 | LdrLoadDll |
basename => ole32 module_address => 0x774e0000 flags => 0 module_name => ole32.dll |
SUCCESS | |||
| 2016-11-03 00:31:47.063260 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\Program Files\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.063260 | CoUninitialize | SUCCESS | ||||
| 2016-11-03 00:31:47.063260 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:31:47.063260 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\Program Files\Common Files\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Common Files\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.063260 | CoInitializeEx |
options => 6 |
FAILURE | |||
| 2016-11-03 00:31:47.063260 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.063260 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.063260 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\Documents and Settings\ardi\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.063260 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\Documents and Settings\ardi\Local Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\Local Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.063260 | CoUninitialize | SUCCESS | ||||
| 2016-11-03 00:31:47.063260 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\Documents and Settings\ardi\Local Settings\Application Data\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\Local Settings\Application Data\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.063260 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.063260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeComFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeComFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:31:47.063260 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:31:47.063260 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:31:47.063260 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Adobe\Fonts\Reqrd\CMaps\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Common Files\Adobe\Fonts\Reqrd\CMaps\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:31:47.063260 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Adobe\Fonts\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Common Files\Adobe\Fonts\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:31:47.063260 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.073260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeCMapFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeCMapFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:31:47.073260 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:31:47.073260 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:31:47.083260 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Reqrd\CMaps\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Reqrd\CMaps\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:31:47.083260 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.083260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.083260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.083260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.093260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.093260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.103260 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.103260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.103260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.103260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.103260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.103260 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.113260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeSysFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeSysFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:31:47.113260 | LdrLoadDll |
basename => gdi32 module_address => 0x77f10000 flags => 0 module_name => gdi32.dll |
SUCCESS | |||
| 2016-11-03 00:31:47.113260 | LdrLoadDll |
basename => advapi32 module_address => 0x77dd0000 flags => 0 module_name => advapi32.dll |
SUCCESS | |||
| 2016-11-03 00:31:47.233260 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.233260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:31:47.233260 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:31:47.233260 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.233260 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.233260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.233260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.233260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.243260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.243260 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.243260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.243260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.243260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.243260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.243260 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.243260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:31:47.243260 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:31:47.243260 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CIDFont\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CIDFont\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:31:47.243260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:31:47.243260 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:31:47.243260 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.253260 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.253260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.253260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.253260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.253260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.253260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.253260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.253260 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.253260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.253260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.263260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.263260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.263260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.263260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.263260 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.263260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.263260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.263260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.263260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.263260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.263260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.263260 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.263260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.263260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.263260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.263260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.263260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.263260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.263260 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.263260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.273260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.283260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.283260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.283260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.283260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.283260 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.293260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.293260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.333260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.333260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.333260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.333260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.333260 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.333260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.333260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.343260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.343260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.343260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.343260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.353260 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.353260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.353260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.373260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.373260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.373260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.373260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.373260 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.373260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.373260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.423260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.423260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.423260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.423260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.423260 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.423260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.423260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.443260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.443260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.443260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.443260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.443260 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.453260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.453260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.473260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.483260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.483260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.483260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.483260 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.483260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.483260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.503260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.503260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.503260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.503260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.503260 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.503260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.503260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.543260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.543260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.543260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.543260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.543260 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.543260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.543260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.573260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.573260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.573260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.573260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.573260 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.573260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\SY______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\SY______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.573260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\SY______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\SY______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.583260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.583260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\SY______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\SY______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.593260 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.593260 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\pfm\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.593260 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.593260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\pfm\SY______.PFM create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.593260 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\Program Files\Common Files\Adobe\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Common Files\Adobe\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.593260 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.593260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\pfm\SY______.PFM create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.593260 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.593260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZX______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZX______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.593260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZX______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZX______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.593260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.593260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZX______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZX______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.603260 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.603260 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\mmm\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\mmm\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:31:47.603260 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.603260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZY______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZY______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.603260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZY______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZY______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.603260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.603260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZY______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZY______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.603260 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.613260 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\mmm\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\mmm\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:31:47.613260 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.613260 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.613260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.613260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.613260 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.613260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.613260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.613260 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.613260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.613260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.613260 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.613260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeComFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeComFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:31:47.613260 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:31:47.613260 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:31:47.613260 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Adobe\Fonts\Reqrd\CMaps\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Common Files\Adobe\Fonts\Reqrd\CMaps\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:31:47.613260 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Adobe\Fonts\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Common Files\Adobe\Fonts\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:31:47.613260 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.613260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeCMapFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeCMapFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:31:47.613260 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:31:47.613260 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:31:47.613260 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Reqrd\CMaps\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Reqrd\CMaps\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:31:47.613260 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.613260 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.613260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.613260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.613260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.613260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.613260 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.643260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.643260 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.643260 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:31:47.643260 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:31:47.643260 | NtCreateFile |
create_disposition => 5 file_handle => 0x000000fc filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\UserCache.bin desired_access => 0xc0100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\UserCache.bin create_options => 96 status_info => 2 share_access => 0 |
SUCCESS | |||
| 2016-11-03 00:31:47.643260 | NtWriteFile |